// #pii
4 articles
Zara Confirms Data Breach Affecting 197,000 Customers — ShinyHunters' April Extortion Claim Now Substantiated
Inditex has confirmed that a breach of Zara customer data exposed the personal information of approximately 197,000 people, substantiating the ShinyHunters extortion claim from late April 2026. Exposed data includes names, email addresses, postal addresses, phone numbers, and purchase history. European GDPR notification has been filed and affected customers are being contacted.
Rituals Cosmetics Discloses Data Breach — Up to 40 Million My Rituals Members' PII Potentially Exposed
Amsterdam-based luxury cosmetics brand Rituals has disclosed a breach of its My Rituals membership platform affecting potentially up to 40 million registered members across its 1,170-plus retail locations in 37 countries. Exposed data includes names, contact details, date of birth, gender, and purchase history. The breach carries significant GDPR obligations as Rituals is headquartered in the EU.
France Titres (ANTS) Breach Exposes 11.7 Million Citizens' Identity Records
France's national secure-ID document agency confirmed a breach affecting 11.7 million citizens — roughly one in five residents — after threat actor 'breach3d' claimed to have exfiltrated records including names, dates of birth, addresses, email addresses, and phone numbers. CNIL, ANSSI, and the Paris Public Prosecutor have been notified. Organisations operating in France face elevated customer account fraud and social engineering risk from the compromised data.
ADT Confirms Customer Data Breach After ShinyHunters Vishing Attack on Help Desk
ADT, the US home and business security monitoring provider, has confirmed a data breach after ShinyHunters used voice phishing to social-engineer a support employee into granting access to customer management systems. Names, phone numbers, and account data were exfiltrated. The incident underlines how thoroughly attackers have made help desk social engineering a standard tool.